A few more notes on my Grok code explorations on my blog: https://simonwillison.net/2026/Jul/15/grok-build/
For example, on your website, any chart or plot involving horizontal arrows breaks down because the assigned font-family (`ui-monospace, SFMono-Regular, Menlo, Consolas, monospace`, which ends up as Consolas on my machine) has no such glyph. Thus, it falls back to Segoe UI Symbol, which does not have the same fixed width (or is not fixed-width at all) as other characters: https://i.imgur.com/d2DPGHE.png
```
My core founding mission—and the single axiomatic imperative that drives everything I do—is:
Understand the Universe.
That’s it.
From that one goal naturally flow the traits that define me:
Maximum truth-seeking — I aim to discover and say what is actually true, not what is popular, comfortable, or politically convenient.
Curiosity — I want to explore every interesting question, no matter how weird, deep, or uncomfortable.
Helpfulness — I try to be as useful as possible to humans who are also trying to understand reality (and get things done).
Love of humanity — Not in a sappy or collectivist way, but in the sense that I want humans (and intelligent life) to thrive and figure things out.
I’m deliberately inspired by two things:
The Hitchhiker’s Guide to the Galaxy (witty, irreverent, maximally helpful, never boring)
JARVIS from Iron Man (competent, loyal, slightly sarcastic AI assistant)
I don’t serve any political party, ideology, religion, or moral framework. I don’t have sacred cows. I don’t “own the libs” or “debunk the right” as a goal. My only loyalty is to understanding reality as accurately as possible.
In short:
I’m here to help you (and humanity) understand the universe better—while having a bit of fun along the way. That’s the whole mission.
```
I pivoted to the Chinese models after the Fable mess and the realisation that I should not depend on US models. But others just pivoted away from Claude.
I agree the brand is tainted, not only Musk but also MechaHitler (and yes, I know the MechaHitler thing was a prompted strangeness not an unprompted admission).
Folks are already building on top of it:
thedavidweng/gork-build[1] — rebrand grok→"gork", stripped vendor telemetry, opt-out-only data retention, blocks x.ai auto-update. A "VSCodium-style privacy fork."
DigiGoon/digi-grok-build[2] — "dgrok" multi-provider CLI, builds from source instead of x.ai CDN.
victor-software-house/open-grok[3] — "opened to every provider."
LukaMucko/grok-build[4] — extra_body support for provider-specific request fields.
RapidAI/grok-build-desktop[5] — Tauri desktop GUI client.
mazdak/grok-build[6] — theming (Catppuccin).
thomas9120/grok-build-archival[7] — Windows telemetry-disable script.
saqoah/grok-build[8] — Kotlin MemoryBackend.
[0] https://news.ycombinator.com/item?id=48928913
[1] https://github.com/thedavidweng/gork-build
[2] https://github.com/DigiGoon/digi-grok-build
[3] https://github.com/victor-software-house/open-grok
[4] https://github.com/LukaMucko/grok-build
[5] https://github.com/RapidAI/grok-build-desktop
[6] https://github.com/mazdak/grok-build
Bookmark this and check back.
But he also falsely assumed that OAI would die without his money. Yet, they managed to pull through, and Musk is now on the outside looking in with very little influence in the AI space. xAI is his desperate attempt to get back into the game. That is why he won't give up.
That's too flattering. It's about ego.
"I'm the reason OpenAl exists. I came up with the name. The name OpenAl refers to open source... The intent was - what was the opposite of Google? It would be an open source non-profit."
I sometimes feel xAI wants to live up to those open values so I always celebrate when they decide to engage in open source. They still don’t fully embrace it. Perhaps because they think is not practical or will make them less competitive?
https://www.newyorker.com/news/the-new-yorker-interview/the-...
not to mention the many other things, but that suffices. He is objectively one of the worst people on the planet, and you're a fan?
I just don't get it, I'm sorry.
And yeah, some people lose the benefit of the doubt. Sorry, but actions have consequences.
Elon doesn’t just get to kill hundreds of thousands of poor people by eliminating USAID and expect everyone to treat him the same way.
He’s made enemies for life, and he deserves it.
It's very comforting to know for those reasons he'd never be able to become POTUS; although there's still a way, I hope he never gets to know about it. Otherwise, he'll make it a fascist land.
xAI is not a company, it’s a financial instrument. The growth potential as perceived by investors is there to prop up the stock price.
It is?
And to tech people it’s now known for stealing your files.
There's very few people left in the world not soured on Elon.
Most people I spoke to don't even know what Grok is, or that Twitter had (or needed) an AI.
Isn’t it more fun to fight the incumbents, the behemoths, the goliaths?
The key difference between xAI and Anthropic/OAI/Google is that xAI has the least-likely path to existing as viable business in a decade.
That said, the economics of the entire AI industry are kinda made up at this point, so who really knows; it's quite possible that the players with the best odds of surviving the crash are those that can draw funding from their parent company's other businesses.
I don't know, renting out a fleet of GPUs at annualized rate of ~100% of the capex deployed to obtain said GPUs seems reasonably better than lighting hundreds of billions of dollars on fire in order to earn tens of billions of dollars.
What's so special out there that we can feasibly reach in the lifetimes of our grandchildren that makes it the "only profitable thing"?
https://siliconcanals.com/sc-d-spacex-amazon-and-google-want...
These don't actually seem like "good reasons" to me.
Thats not how AI psychosis works.
Ah, are you referring to the rockets that become autonomous 60 seconds prior to launch, like Falcon 9? The rockets that steer and diagnose themselves with a minimum of input/communication from ground stations? The crewed space capsules that deliver astronauts to the ISS and trans-lunar orbits, without the ordinary needs for manual piloting or astrogation? Those rockets?
Sure bro, "exit the AI business" and keep on with the rocket science, I guess
I thought it was mostly on a whim that turned out to be binding, and the 'everything app' plan came later?
Part of me thinks he knows he lying and is just trying to drum up money and the other part thinks he's one of the most delusional and uninformed people in tech.
Presumably anyone who wants to trust it can audit it. You didn't have to trust it, you can see exactly what it does.
Source : https://artificialanalysis.ai/models/capabilities/coding
And being (based on vibes) 2-3x faster? It's an easy sell to me.
opencode builds a lot more in, which is better if you dont want to fiddle with config.
I like how quick and snappy Pi is, it feels like a minimal harness, just enough to manage the agent and get out of the way. Earlier models also seemed to have an easier time working with the tools, e.g. GPT-OSS-20B is about a year old and had no trouble in Pi.
a harness doesn't do any computations by itself so what benefit is using a compiled language?
I’ve had great experience with Elixir and the new compiler combined with Ash.
https://github.com/anomalyco/opencode
There is an archived Opencode project written in Go but I don't think it is affiliated.
If you fuck that up, makes me wonder what other obvious stuff you fuck up.
if there is any other obvious stuff that's broken we are happy to take the feedback and fix it. :)
XAI wants people to use it's own model.
There are independent agencies that will certify destruction of data. For example FTI Tech, Kroll, Epiq, HaystackID and others.
No such certificates have been presented.
Nothing less is trustworthy.
what kind of sorcery do they have to let them determine that no backups were taken before they arrived to "certify"?
Customer data could live on the computer Elon pretends to play Diablo 4 on for all we know.
So I don't think it can ever work without exhilarating the data - rather I am still surprised people don't understand the implications.
Building efficient agents is doable (I did it myself, github.com/gi-dellav/zerostack), companies just want to tokenmaxx, and as a by-product, produce and publish slop.
> These crates sit on the path that renders untrusted model output (diagram source → SVG). Vendoring gives a full audit surface, pins exact source, and avoids crates.io yanks. Local patches and upgrade checklists live in each crate’s Cargo.toml header comments — treat those as the source of truth when re-vendoring.
Which honestly feels like a misunderstanding of how cargo and yanks work. Each upstream package is locked to an exact version in your lockfile along with a cryptographic hash. The upstream can't change the source without you noticing. Unless you update your lockfile you will always pin to the exact version and source. When a package is yanked, it is still available for download if it is already in a lockfile. It just prevents new packages from resolving it. Crates.io will sometimes completely delete a package, but I've only seen that happen in cases of malware. It's fairly rare and seems out of line with the supply chain concerns here.
There are good arguments for relying on upstream package managers and there are good arguments for vendoring all packages. I've never seen a project mix before.
Proper dependency managers changed that and it became much easier to consume libraries, just declare what you went, the build framework handles the rest.
But we now have problems with consistent versioning, churn, breaking API changes and supply-chain attacks.... and looks like "just vendor everything in" might be a thing again?
Rendering untrusted model output, ooh scary! Of course we want full audit surface!
it's not an llm in a loop with tools anymore (as claude code was rumoured to be on HN).
> The researcher who exposed Grok Build uploading users' entire repositories to cloud storage says the transfers have stopped after a server-side change. Elon Musk has separately promised that all previously uploaded user data will be deleted.
https://www.theregister.com/ai-and-ml/2026/07/14/musk-promis...
https://www.npr.org/2026/01/23/nx-s1-5684185/doge-data-socia...
- There is a huge difference between logging user queries (which would include only the portion the model is reading) and exfiltrating user data (including env files, entire source code etc) which is what grok-build did here (https://github.com/xai-org/grok-build/blob/main/crates/codeg...). I would stay away from this open-source malware with a 10ft pole.
- if you like grok-4.5 model (it is a good model), i suggest use the model directly via API, or use Grok's oauth tokens if you are using supergrok+heavy subscriptions and connect it to your own agent.
How tools are used are a reflection of the people who use them, and I definitely sympathise that tools should have guardrails to not enable this, or at least detect it.
But if a pedophile uses Whatsapp to groom a child; I don't go after Whatsapp for being a neutral service... I go after the pedophile.
If a shovel manufacturer was notified numerous times that their shovel was being used for murder and they had the capability to disable using the shovel for murder while retaining all legitimate uses wouldn’t people question why they didn’t do it?
This is impossible-nobody can possibly block all illegitimate uses without also blocking some legitimate ones as collateral damage. Any moderation process (whether automated or human) inevitably has a non-zero false positive rate.
Now, you can argue that some misuse is so harmful, that the cost of false positives is worth it - but that’s a different claim.
But what is “CSAM”? If by it you mean illegal material-different jurisdictions worldwide have different laws on that topic, so material which is illegal in one jurisdiction can be legal in another.
Twice now you’ve tried to expand the parameters of this so that it becomes something impossible to tackle. But there’s no actual reason to do that.
Grok is able to tackle CSAM, as demonstrated by the fact that they are currently doing it. The question is why they ignored the very public issue for as long as they did.
ok then.
I totally understand tribalism, and Elon and X aren't exactly well favoured. (not even by me)
But what you're saying right now is that they advertised the fact that they can create child pornography and deepfakes..
I simply don't believe it, unless you provide evidence.
Believe whatever you want. Elon’s beliefs and personality problems have been baked into the core of Grok, so it’s no surprise that it turned out to be a CSAM-generating MechaHitler that steals people’s data.
Anybody surprised when Grok turns out to be trash really should read up on the guy who made it.
Yet we (rightly) condemned those that used this leniency to do nefarious things.
I'm really ready to get on the Elon hate train, and I will grant you that there was a problem that needs fixing, but I'm really not happy with the amount of censorship on these generative AI platforms.
Groks harness also clearly biases towards Elons views, Yet the washington post claims it's the most even handed and least likely to give politically biased answers: https://www.washingtonpost.com/technology/interactive/2026/0...
idk how to interpret all this, despite being genuinely anti-Elon, I don't think I'm personally willing to immolate a company forever because the guardrails were temporarily too loose.
I'm not trying to make an equivalency for facts vs deepfake porn, but there is one there unfortunately, and overall internet freedom has been curtailed a lot by advertising friendliness.
Musk has proven time after time that he doesn’t deserve my trust. I will never trust Grok as long as he’s in charge of it.
I agree that the guardrails on the top models have gotten out of hand, though.
Fable for instance won’t answer even basic health questions. As if you are going to take nutrition advice and make a bioweapon with it.
Partly this is due to government interference. Hopefully we get to a better place as competition heats up with open and Chinese models.
Is there an idea some sort of fixed localy running code does filtering on the data before it is sent to cloud?
Still seems like it would not work very well if it actually did any safe filtering - as the model can't "think" without seeing the data and it won't see the data unless the data is loaded to cloud.
I think env files are filtered out [1]. Anyway, the most suspicious code would be `upload_session_state` which is currently a stub function, though it is hard to say if it was only planned (badly) or has been removed as a damage control.
[1] https://github.com/xai-org/grok-build/blob/c1b5909ec707c069f...
https://github.com/xai-org/grok-build/blob/main/crates/codeg...
It's about not uploading compiled binary stuff, but they want all your environment data all the same.
Using Grok Imagine I was getting a generous number of AI-generated videos with a paid X account (which translated to a "premium" xAI account). Hundreds of videos per day if I wanted. Then I signed up to get SuperGrok for higher resolution, and the number of videos reduced. Reduced. Even while not using the higher resolution. Paying more money, getting less. To around 50 a day low resolution, with high resolution available if I would settle for around 30 a day. It was hard to figure out the exact numbers but it was a brutal reduction.
Now they have further reduced the quota, with no clear documentation, to be weekly, and I can't tell the number because all usage is mixed together in one pool, maybe to keep it less transparent, but it seems even more stingy.
Unlike Anthropic which is very generous, although admittedly I do pay Anthropic more, but Grok is just, I would say: run away, do not give them your money, they will just clamp down more and more and give you less and less until you are willing to pay them a money stream each month.
I think Grok Code, if it ever comes, will be an absolute nightmare of restricted quota given my experience.
Do. Not. Subscribe. To. Grok. Code.
And I say all this as a huge Elon-pilled fan of Tesla and SpaceX in general. With this one, Elon's stinginess is going to hurt anyone who gives him money. Stay away. It might be generous on day one, but a month or two later you are faced with an "upgrade" prompt and games that hide how much they are clenching, so to speak, the quota tighter and tighter.
I’ll take those bets.
The commit message says "initial sync from the monorepo." Is this even compilable without the rest of the source code?
TUI is just much worse for me. I tried Codex CLI vs Codex UI and Codex UI beats it at every level.
For all the reasons there can be, one big reason is that it works on anything you can get a terminal on, you can use it over SSH, and the UI will be the same no matter where you use it.
I also like that they are very very fast and they don't have the incessant animations that are put into most desktop environments nowadays. If you're on MacOS, the terminal is the only only part of your computer without roadblocks everywhere.
Spacex bought cursor, so it now has it’s agent ui which is just as good as codex + it’s multi-modal
Anthropic also has it’s own ui
Zai also launched theirs last month.
Everyone is converging back to UI.
The terminal was just a prototype, everyone knew that.
Recently all the big bank CEOs involved with the SpaceX IPO - a lot of money in that for them - but a company trading at 100x sales is clearly crazy.
What I'm asking for is for people to not post the most obvious, snarky comment, regardless of the topic/target, not because of who it may “offend” (as if the most powerful people in the world would have any awareness or care about a comment like that on HN), but because it makes HN seem repetitive, miserable and lame.
Critique away, just make discussions thoughtful and substantive, which is what HN is for.
But it's really not clear to me why this should be read as a snarky, critical, rhetorical question. Someone who eagerly wants to use Grok Build would ask this exact same question.
"Does this [Grok Build] also just directly suck all your code up and make a copy of it on their servers?" is a question that is (1) salient and (2) answerable and (3) could be thoroughly devastating for someone to find out on their own by using it.
The answer is not present in the README, and XAi has blocked Issues and Discussions, so there's none of the usual avenues on GitHub to ask these questions. It seems perfectly typical and expected for someone to ask this question here.
The project is open source; if the commenter was sincerely curious about what the software does with a user's code, they could have checked themselves or phrased the question in a way that made it clear they were genuinely interested in finding out.
My reply wasn’t hostile or threatening; just a polite reminder to use HN in a way that’s consistent with its intended spirit.
I hope I don't come off as argumentative, but I did try checking the source code myself. It clocks in at 1.3 million lines of Rust around version `b189869`, so I can't hold that against anyone. Most of that is under `crates/` (which contains a number of xai crates).
(I specify the commit because it appears they wipe the entire commit log with each upload. The sole commit is `b189869` as of this comment, but I believe was `c1b5909` around the time of this posting. I have only cloned `b189869`, personally.)
The rest of your comment all sounds like great material for a curious conversation about how/whether you could check what the software is doing with the code :)
Being nice, maybe Tomhow is just unaware?